Mock SAML 2.0 Identity Provider
Ever needed to test an SSO setup but don't have access to the IDP for whatever reason?
Mock IDP provides a SAML 2.0 IDP using POST bindings, without the need for a user database or a complicated enterprise software setup.
Mock-idp requires Python 3.6 and pip.
Install and run mock-idp using pip:

```sh
$ pip3 install mock-idp
$ mock-idp ...
```
To override the system configuration, create a config file. The service loads config files in the following order:
- `mockidp.yaml` in the current working directory
- `~/.mockidp.yaml` in your home directory
- `/etc/mockidp.yaml` in the global config directory
- the internal default config file shipped with the service package
Here is a sample (copy of the built-in config) file to start with:

```yaml
service_providers:
  - name: "local:service:author"
    response_url: "http://localhost:3000/saml_login"
users:
  charlie:
    first_name: "Charlie"
    last_name: "Brown"
    email: "email@example.com"
    password: snoopy
  linus:
    first_name: "Linus"
    last_name: "van Pelt"
    email: "firstname.lastname@example.org"
    password: pumpkin
  lucy:
    password: charlie
    first_name: "Lucy"
    last_name: "van Pelt"
    email: "email@example.com"
  peppermint:
    first_name: "Peppermint"
    last_name: "Patty"
    email: "firstname.lastname@example.org"
    password: peppermint
```
For each service provider (client) that uses the identity provider, an entry in the `service_providers` section of the config is needed. It has two values:

```yaml
service_providers:
  - name: "local:aem:author"
    response_url: "http://localhost:14502/saml_login"
```

- `name` is the service provider entity id that the service provider sends with each request.
- `response_url` is the public URL of the service provider. Once login has been completed, the browser will be redirected to this URL.
The `users` section is a fairly self-explanatory list of user credentials recognized by the IDP:

```yaml
users:
  charlie:
    first_name: "Charlie"
    last_name: "Brown"
    email: "email@example.com"
    password: snoopy
    roles:
      - administrators
```
Configuring a generic Service Provider
- Mock-IDP supports the POST binding protocol of SAML 2.0.
- By default mock-idp runs on port 5000 and the binding path is `/saml`.
- The response message provides four attributes:
  - `uid`: the username
  - `email`: the user's email address
  - `firstName`: the user's first name
  - `lastName`: the user's last name
- The logout path is `/saml/logout`.
To generate a service provider certificate, run the following commands:

```sh
$ openssl genrsa -out saml.pem 2048
$ openssl req -new -key saml.pem -out saml.csr
$ openssl x509 -req -days 365 -in saml.csr -signkey saml.pem -out saml.crt
```
This will produce three files:
- `saml.pem` - the private key
- `saml.csr` - the certificate signing request
- `saml.crt` - the final certificate
Refer to your service provider documentation on how to install the certificate.
Running using Docker
Import local config into a docker container
To run the base config, just start the service and map port 5000:

```sh
$ docker run -p 5000:5000 bjornskoglund/mock-idp:0.4.0
```
Provided you have produced a config file containing service providers and user account information, you can inject it into the Docker container as follows:

```sh
$ docker run -p 5000:5000 -v <absolute path to your config>.yaml:/usr/local/mock-idp/mockidp.yaml bjornskoglund/mock-idp
```
Copy the `cert/cert.pem` file into your Service Provider (SP), and be sure that the ISSUER (entity id) sent by the SP matches the `name:` of the Service Provider in your config.
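The response attributes listed above and the entity-id match required here are what an SP has to check when it consumes a POST-binding response. The following is an added example (not mock-idp's own code) of that SP-side step in plain Python: it decodes a constructed sample `SAMLResponse`, verifies Destination, Status and Audience against the `name`/`response_url` values from the sample config, and extracts the four attributes. The exact XML layout of the sample is an assumption; XML signature verification is deliberately left out and must precede these checks in a real SP.

```python
import base64
from xml.etree import ElementTree as ET

# Namespaces defined by the SAML 2.0 specification.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Service-provider entry from the sample config in this README.
SP_NAME = "local:service:author"
SP_RESPONSE_URL = "http://localhost:3000/saml_login"

# Constructed sample of the <Response> an SP receives in the SAMLResponse form field of the
# POST binding (assumed layout, signature omitted; attribute names are the four from this README).
SAMPLE_RESPONSE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" Destination="{SP_RESPONSE_URL}">
  <saml:Issuer>mock-idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SP_NAME}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"><saml:AttributeValue>charlie</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>email@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Charlie</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue>Brown</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def encode_post_binding(xml_text: str) -> str:
    """Encode a response as the POST binding carries it: base64 of the XML document."""
    return base64.b64encode(xml_text.encode()).decode()


def consume_response(saml_response_b64: str, sp_name: str, response_url: str) -> dict:
    """Decode a POST-binding SAMLResponse and return the mock-idp attributes as a dict.
    Rejects a non-Success status and any Destination/Audience not matching this SP's config."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.get("Destination") != response_url:
        raise ValueError("Destination does not match the configured response_url")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        raise ValueError("IdP reported a non-Success status")
    audience = root.find("saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or audience.text != sp_name:
        raise ValueError("assertion Audience does not match the SP entity id (config name)")
    attrs = {}
    for attr in root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = value.text if value is not None else None
    return attrs
```

Calling `consume_response(encode_post_binding(SAMPLE_RESPONSE_XML), SP_NAME, SP_RESPONSE_URL)` yields the `uid`, `email`, `firstName` and `lastName` values for charlie; passing a different entity id, such as `local:aem:author`, raises `ValueError` exactly as a real SP would reject a response meant for another service provider.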
Install pipenv with pip to handle dependencies:

```sh
$ pip3 install pipenv
```

then install the environment:

```sh
$ pipenv install
```

Run from source:

```sh
$ PYTHONPATH=. pipenv run bin/mock-idp ...
```
All system config is located in `mockidp/resources/default_config.yaml`.
Mock-IDP has been tested with the following service providers:
- Adobe Experience Manager (AEM) 6.2
- Node.js - saml2-js package